Precise alias analysis for static detection of web application vulnerabilities

PLAS 2006 - Proceedings of the 2006 Programming Languages and Analysis for Security Workshop

Volumn 2006, Issue , 2006, Pages 27-36

  Jovanovic, Nenad ^a   Kruegel, Christopher ^a   Kirda, Engin ^a  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

Author keywords

Alias analysis; Cross site scripting; Data flow analysis; PHP; Program analysis; Scripting languages security; Static analysis; Web application security

Indexed keywords

ERROR ANALYSIS; PROBLEM SOLVING; SECURITY OF DATA;

ALIAS ANALYSIS; CROSS-SITE SCRIPTING; PHP; PROGRAM ANALYSIS; SCRIPTING LANGUAGES SECURITY; STATIC ANALYSIS; WEB APPLICATION SECURITY;

WEBSITES;

EID: 33745934031     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1134744.1134751     Document Type: Conference Paper

References (35)

1. Alfred V. Aho, Ravi Sethi, and Jeffrey D. Ullman. Compilers: principles, techniques, and tools. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 1986.
2. Lars Ole Andersen. Program Analysis and Specialization for the C Programming Language. PhD thesis, University of Copenhagen, 1994.
3. Ken Ashcraft and Dawson Engler. Using programmer-written compiler extensions to catch security holes. In IEEE Symposium on Security and Privacy, 2002.
4. BugTraq. BugTraq Mailing List Archive. http://www.securityfecus.com/ archive/1, 2005.
5. CERT. CERT Advisory CA-2000-02: Malicious HTML Tags Embedded in Client Web Requests, http://www.cert.org/advisories/CA-2000-02.html, 2005.
6. David Chase, Mark Wegman, and F. Ken Zadeck. Analysis of pointers and structures. In PLDI '90: Proceedings of the ACM SIGPLAN'90 Conference on Programming Language Design and Implementation, 1991.
7. CUP. CUP: LALR Parser Generator in Java, http://www2.cs.tum.edu/projects/ cup/, 2005.
8. Dawson Engler, Benjamin Chelf, Andy Chou, and Seth Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In OSDI 2000, 2000.
9. Dawson Engler, David Yu Chen, Seth Hallem, Andy Chou, and Benjamin Chelf. Bugs as deviant behavior. A general approach to inferring errors in systems code. In SUSP '01: Proceedings of the 18th ACM Symposium on Operating Systems Principles, 2001.
10. Jeffrey S. Foster, Manuel Faehndrich, and Alexander Aiken. A theory of type qualifiers. In PLDI '99: Proceedings of the ACM SIGPLAN 1999 Conference on Programming Language Design and Implementation, 1999.
11. Michael Hind. Pointer analysis: Haven't we solved this problem yet? In PASTE '01: Proceedings of the 2001 ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering, 2001.
12. Yao-Wen Huang, Shih-Kun Huang, Tsung-Po Lin, and Chung-Hung Tsai. Web application security assessment by fault injection and behavior monitoring. In WWW '03: Proceedings of the 12th International Conference on World Wide Web, 2003.
13. Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, D. T. Lee, and Sy-Yen Kuo. Verifying web applications using bounded model checking. In DSN, 2004.
14. Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, DerTsai Lee, and Sy-Yen Kuo. Securing web application code by static analysis and runtime protection. In WWW 04: Proceedings of the 13th International Conference on World Wide Web, 2004.
15. JFlex. JFlex: The Fast Scanner Generator for Java, http://jflex.de, 2005.
16. Nenad Jovanovic, Christopher Kruegel, and Engin Kirda. Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper). In IEEE Symposium on Security and Privacy, 2006.
17. Nenad Jovanovic, Christopher Kruegel, and Engin Kirda. Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Technical Report), http://www.seclab.tuwien.ac.at/projects/pixy/, 2006.
18. Engin Kirda, Christopher Kruegel, Giovanni Vigna, and Nenad Jovanovic. Noxes: A client-side solution for mitigating cross-site scripting attacks. In The 21st ACM Symposium on Applied Computing (SAC 2006), 2006.
19. Secure Systems Lab. Secure Systems Lab, Technical University of Vienna, http://www.seclab.tuwien.ac.at, 2006.
20. William Landi and Barbara G. Ryder. A safe approximate algorithm for interprocedural aliasing. In PLDI '92: Proceedings of the ACM SIGPLAN 1992 Conference on Programming Language Design and Implementation, 1992.
21. Yanhong A. Liu, Scott D. Stoller, Michael Gorbovitski, Tom Rothamel, and Yanni Ellen Liu. Incrementalization across object abstraction. In OOPSLA '05: Proceedings of the 20th Annual ACM SIGPLAN Conference on Object Oriented Programming, Systems, Languages, and Applications, 2005.
22. V Benjamin Livshits and Monica S. Lam. Finding security errors in Java programs with static analysis. In Proceedings of the 14th Usenix Security Symposium, August 2005.
23. Yasuhiko Minamide. Static approximation of dynamically generated web pages. In WWW '05: Proceedings of the 14th International Conference on World Wide Web, 2005.
24. Steven S. Muchnick. Advanced Compiler Design and Implementation. Morgan Kaufmann, 1997.
25. A. Nguyen-Tuong, S. Guarnieri, D. Greene, J. Shirley, and D. Evans. Automatically hardening web applications using precise tainting. In IFIP Security 2005, 2005.
26. Flemming Nielson, Hanne R. Nielson, and Chris Hankin. Principles of Program Analysis, Springer-Verlag New York, Inc., Secaucus, NJ, USA, 1999.
27. PHP. PHP: Hypertext Preprocessor, http://www.php.net, 2005.
28. Tadeusz Pietraszek and Chris Vanden Berghe. Defending against injection attacks through context-sensitive string evaluation. In Recent Advances in Intrusion Detection 2005 (RAID), 2005.
29. Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner. Detecting format string vulnerabilities with type qualifiers. In Proceedings of the 10th USENIX Security Symposium, 2001.
30. M. Sharir and A. Pnueli. Two approaches to interprocedural data flow analysis, chapter 7. Prentice-Hall, 1981.
31. Bjarne Steensgaard. Points-to analysis in almost linear time. In POPL '96: Proceedings of the 23rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 1996.
32. Larry Wall, Tom Christiansen, Randal L. Schwartz, and Stephan Potter. Programming Perl (2nd ed.). O'Reilly & Associates, Inc., Sebastopol, CA, USA, 1996.
33. John Whaley and Monica S. Lam. Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In PLD1 '04: Proceedings of the ACM SIGPLAN 2004 Conference on Programming Language Design and Implementation, 2004.
34. Robert P. Wilson and Monica S. Lam. Efficient context-sensitive pointer analysis for c programs. In PLDI '95: Proceedings of the ACM SIGPLAN 1995 Conference on Programming Language Design and Implementation, 1995.
35. Yichen Xie and Alex Aiken. Static Detection of Security Vulnerabilities in Scripting Languages, http://glide.stanford.edu/yichen/research/sec.ps, 2006.